This commit was generated by cvs2svn to compensate for changes in r169962,
[FreeBSD/FreeBSD.git] / etc / rc.d / ipfilter
1 #!/bin/sh
2 #
3 # $NetBSD: ipfilter,v 1.10 2001/02/28 17:03:50 lukem Exp $
4 # $FreeBSD$
5 #
6
7 # PROVIDE: ipfilter
8 # REQUIRE: FILESYSTEMS
9 # BEFORE:  netif
10 # KEYWORD: nojail
11
# Pull in the rc.d framework; set_rcvar, load_rc_config and run_rc_command
# used in this script are not defined in this file.
. /etc/rc.subr

name="ipfilter"
rcvar=$(set_rcvar)
load_rc_config "${name}"

# Every action is gated on at least one rules file existing. The two paths
# are expanded once, here, after load_rc_config has run.
# NOTE(review): the paths are embedded unquoted. If both variables are empty
# the command collapses to `test -f -o -f`, which POSIX test may evaluate as
# true, so the guard would not stop a start with no rules file configured.
# Confirm how rc.subr evaluates precmd strings before adding quoting.
stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
start_precmd="${stop_precmd}"
reload_precmd="${stop_precmd}"
resync_precmd="${stop_precmd}"
status_precmd="${stop_precmd}"

# Handlers for the standard and the extra rc.d commands.
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_cmd="ipfilter_reload"
resync_cmd="ipfilter_resync"
status_cmd="ipfilter_status"
extra_commands="reload resync status"

required_modules="ipl:ipfilter"
30
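# Enable the packet filter and load the IPv4 and IPv6 rule sets.
#
# Globals (read): ipfilter_program, ipfilter_rules, ipv6_ipfilter_rules,
#                 ipfilter_flags
# Returns: 0 when every readable rules file loaded, 1 when any load failed.
#
# The active set is flushed (-Fa) before the rules file is read, so a failed
# load leaves the filter enabled with whatever did get loaded, possibly
# nothing. The original ignored the exit status of the IPv4 load, so a broken
# rules file could still end in a "successful" start. Each load is now checked
# and a failure is reported through the return status.
ipfilter_start()
{
	local ipf running rc

	ipf=${ipfilter_program:-/sbin/ipf}
	rc=0

	echo "Enabling ipfilter."

	# Quote the sysctl value and fall back to 0 so an empty result cannot
	# turn the test into a syntax error that silently skips `ipf -E`.
	running=$(sysctl -n net.inet.ipf.fr_running) || running=0
	if [ "${running:-0}" -le 0 ]; then
		${ipf} -E
	fi

	# IPv4: flush, then load if the rules file is readable.
	${ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		# ipfilter_flags is left unquoted on purpose so it can carry
		# several flags.
		if ! ${ipf} -f "${ipfilter_rules}" ${ipfilter_flags}; then
			# warn is provided by rc.subr.
			warn "Load of rules from ${ipfilter_rules} failed"
			rc=1
		fi
	fi

	# IPv6: same sequence. It is still attempted after an IPv4 failure
	# so one bad file does not leave both families without rules.
	${ipf} -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipf} -6 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed"
			rc=1
		fi
	fi

	return ${rc}
}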
48
# Save the firewall state tables and disable the packet filter.
#
# Globals (read): ipfs_program, ipfs_flags, ipfilter_program
# Does nothing, and returns 0, unless net.inet.ipf.fr_running reads as 1.
# Otherwise the return status is that of `ipf -D`. Once -D has run the
# host is no longer filtered by ipfilter.
ipfilter_stop()
{
	# XXX - The ipf -D command is not effective for 'lkm's
	[ $(sysctl -n net.inet.ipf.fr_running) -eq 1 ] || return 0

	# Write the state tables out with ipfs before the filter goes down.
	echo "Saving firewall state tables"
	${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}

	echo "Disabling ipfilter."
	${ipfilter_program:-/sbin/ipf} -D
}
59
# Reload the rules without leaving the filter empty in between.
#
# The new rules are staged in the inactive set (-I). Only after both the
# IPv4 and the IPv6 file have loaded is the inactive set swapped in (-s).
# A failed load calls err 1, so the swap is never reached and the active
# set stays as it was.
#
# Globals (read): ipfilter_program, ipfilter_rules, ipv6_ipfilter_rules,
#                 ipfilter_flags
# Returns: the exit status of the final `ipf -s`.
ipfilter_reload()
{
	local ipf_cmd

	ipf_cmd=${ipfilter_program:-/sbin/ipf}

	echo "Reloading ipfilter rules."

	# IPv4: clear the inactive set, then load into it.
	${ipf_cmd} -I -Fa
	if [ -r "${ipfilter_rules}" ] &&
	    ! ${ipf_cmd} -I -f "${ipfilter_rules}" ${ipfilter_flags}; then
		err 1 'Load of rules into alternate set failed; aborting reload'
	fi

	# IPv6: same staging sequence.
	${ipf_cmd} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ] &&
	    ! ${ipf_cmd} -I -6 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
		err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
	fi

	# Both loads succeeded (or had no readable file): make the staged
	# set the active one.
	${ipf_cmd} -s
}
83
# Run `ipf -y` (resync the filter's interface list with the kernel),
# passing along any extra flags from ipfilter_flags.
#
# Globals (read): ipfilter_program, ipfilter_flags
# Returns: the exit status of ipf.
ipfilter_resync()
{
	local ipf_cmd

	ipf_cmd=${ipfilter_program:-/sbin/ipf}
	# ipfilter_flags stays unquoted so it can expand to several words.
	${ipf_cmd} -y ${ipfilter_flags}
}
88
# Print ipf's version/status report by running `ipf -V`.
#
# Globals (read): ipfilter_program
# Returns: the exit status of ipf.
ipfilter_status()
{
	local ipf_cmd

	ipf_cmd=${ipfilter_program:-/sbin/ipf}
	${ipf_cmd} -V
}
93
# Hand the requested action (first script argument) to the rc.subr
# dispatcher, which selects the matching *_precmd / *_cmd set above.
run_rc_command "${1}"